[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #25197 [Applications/Tor Browser]: Design document isn't precise about "Security" and "Privacy".

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #25197 [Applications/Tor Browser]: Design document isn't precise about "Security" and "Privacy".
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 24 Oct 2018 04:07:41 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Oct 2018 00:07:52 -0400
In-reply-to: <055.a3be4effafa3893607163208dcfd6024@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <055.a3be4effafa3893607163208dcfd6024@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#25197: Design document isn't precise about "Security" and "Privacy".
--------------------------------------+--------------------------
 Reporter:  arthuredelstein           |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-spec                  |  Actual Points:
Parent ID:  #25021                    |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by traumschule):

 comment:5:ticket:25021 mentions to explain better why extensions can be
 harmful, both for security (preventing exploits) and preventing
 fingerprintability as one danger to privacy, next to leaks of personal
 information. Maybe this is good example to differentiate these concepts.

 Also trackers are a tricky topic that should be covered because
 "deactivate javascript" is the common answer to browse more safely (higher
 security), but it leads to the wrong assumption, that it helps against
 tracking (privacy) while IIUC it does not help against web bugs like
 hidden images or other resources on third party domains etc (only if
 loaded by scripts).

 This is especially important because many users (including myself) are
 trained to install "essential extensions" for privacy:
 https://riseup.net/en/better-web-browsing
 https://riseup.net/en/security/network-security/better-web-browsing
 /browser-score-card

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25197#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #27896 [Core Tor/Tor]: base32 padding inconsistency between client and server in HS v3 client auth preview
Next by Author: Re: [tor-bugs] #27735 [Core Tor/Tor]: Tors with cached consensuses can't upgrade to a version that stops supporting a required protocol
Previous by thread: Re: [tor-bugs] #25197 [Applications/Tor Browser]: Design document isn't precise about "Security" and "Privacy".
Next by thread: [tor-bugs] #28154 [Community/Tor Support]: What do the different onions mean on the address bar?
Index(es):
- Author
- Thread